Computer security, also known as cybersecurity or IT security, relates to the protection of information systems from theft or damage to the hardware, the software, and to the information on them, as well as from disruption or misdirection of the services they provide. Cyber security includes controlling physical access to the hardware, as well as protecting against harm that may come via network access, data and code injection, and due to malpractice by operators, whether intentional, accidental, or due to them being tricked into deviating from secure procedures.
With the rapid evolution of computer systems, global networks, consumer electronics, etc. over the past 30 years, the field is extremely important in today's society through the integration of these technologies into every aspect of our lives, from local to national security, manufacturing, banking, and personal. The recent growth of “smart” devices, including smartphones, televisions, wearable devices, smart sensors, etc., as part of the Internet of Things has meant that businesses that were once worried about a small number of relatively large computers with a small number of software applications must now consider a large number of small, highly portable devices with multiple wireless interfaces and potentially large numbers of software applications, even without considering specific attacks (e.g. hacking, denial of service) and general attacks (e.g. viruses which propagate to millions of electronic devices).
Security generally has been in a prolonged transition stage, where for decades the security industry and users have been using the same threat risk methodologies and the same means to calculate impacts and costs associated with the loss, disruption, damage and sabotage to IT systems as well as others. With cyber security though we have seen threats not only evolve in their technological sophistication but also in their asymmetry, where they now leverage various domains, for example social engineering for information, physical security, access credentials, data manipulation, and technology to meet their agenda.
Currently, much of the data gathering from security breaches stops short of analysis; little intelligence is collected, even less is shared, and most countermeasures rely heavily on technological solutions and specialized resources and contractors. If we look back to the advent of web development in the mid-1990s, which was driven by developers and the IT industry, security is very much at the same stage. It didn't take long to recognize that in order for the capabilities of the web to meet business and service needs the application layer had to evolve—functions and interfaces required human behaviour and business analysis to improve usability, thereby enhancing market value, revenues and ROI. The flat one-to-one functions of Web 1.0 led to Web 2.0 with its meta-data, folksonomy, personalization, social interaction and collaboration and web media. As Web 3.0 continues to evolve, computational behaviours emerge, such as machine-to-machine learning, anticipatory intelligence, enhanced data-to-data context—replacing document-to-document relationships—and of course the Internet of Things.
The inventors believe that the security industry in general and the cyber security industry in particular are about to experience a similar transformation, especially in the area of threat risk assessment in two of its most untapped offerings: analysis and intelligence. Detailed and comprehensive analysis of security data allows for a deeper and broader understanding of the impacts and costs associated with asset breaches to the organization, market, sector and economies, management of target vulnerabilities on an ongoing basis, consideration of countermeasures from all domains as they make up the current state, true residual risk and the ability to modify and adjust the security posture easily as the threat and technological landscape changes.
It is a common misconception that information is intelligence: in order to transform information into intelligence, a number of analytical steps must occur within a framework designed to yield a very specific datum that can be associated with other raw or formulated data, and that provides an answer or solution to a sub-problem. Much of this will be accomplished through the re-categorization, elaboration and causal association of terms that are specific to the defined profiles of data required in the threat risk process—this is where compounding of intelligence allows for historical experiences and outcomes to identify threat characteristics. This is representative of the Web 1.0 to 2.0 transition, and the next phase will follow that of Web 3.0, where advanced, compounded intelligence is derived from similar computational processes that have matured.
Accordingly, the inventors believe that it would be beneficial to provide those addressing cyber security with a software system that provides threat information gathering and incident reporting as its compounded intelligence moves from identification to predictive and forecasting contexts. It would be beneficial for the cyber security industry to access and exploit a software system in which, with enough reliable cycles of compounded intelligence, a variety of communication and collaboration functions are facilitated for stakeholders across different sectors, and in which data collected from countermeasure monitoring provides levels of incident and prevalence of known and unknown, or yet to be categorized, threats.
Other aspects and features of the present invention will become apparent to those ordinarily skilled in the art upon review of the following description of specific embodiments of the invention in conjunction with the accompanying figures.